
Friday, 15 June 2012

Next Wednesday, I'll be chairing the Institute of Engineering and Technology's Security for Mobile Devices event, which takes place at the impressive RIBA building in London. With topics ranging from the complex subject of mobile forensics to the good and bad of Bring Your Own Device (BYOD) policies in businesses, it is going to be an interesting day with some lively debate. I'm also pleased with the stellar line-up of speakers there. The programme includes:

An opening address by Mike Short of Telefonica (and also President of the IET)

I invited Matt Williams to write a guest post on cyber bullying. Thanks for a great article Matt!

Cyberbullying is a topic of discussion that is becoming increasingly mentioned in today’s
electronic world. In a time where the Internet is a staple part of our everyday
lives, the ability to communicate one’s feelings by the click of a button is
often taken for granted. This is particularly the case when referring to the
mobile arena, as thoughts and ideas can translate to an SMS, Tweet or Facebook
post almost instantly. Whilst many welcome the advancement with open arms, such
steps forward naturally arrive with significant disadvantages. Cyberbullying is
one of the most profound, and after a recent case of the practice came to light
in the media, the UK Government is now being put under pressure to increase its
efforts in a bid to address the matter.

Unmasking trolls and cyberbullies

The consistent rise in pressure began to escalate last week, when a British woman successfully won a court order allowing the identities of the individuals harassing her online to be revealed. Nicola Brookes had suffered a barrage of
abuse from other users of the popular social media website, Facebook. Having
achieved the court order, the users who posted defamatory comments against Mrs
Brookes will now have a select amount of their personal details made known.
This includes the IP addresses of the devices used by the cyberbullies. It is
hoped that the added threat of having parts of a person’s personal profile
revealed will help in the fight to combat the ever-growing threat of cyberbullying.

However, some organisations have expressed great concern about having the ability to
reveal the proposed information. Privacy International states its position on
the matter, claiming that on an international scale, certain operators may
become too lax on the ability given to them. They fear that such organisations
are at risk of exposing personal details, even in the event that only an
allegation has been made. Therefore, the appearance of this ability in the
social media market comes with new considerations, in many other aspects and on
a much wider scale. But how would this tie in to mobile devices?

Well, the clear advantage of the portability of mobile phones poses a threat in itself,
as it presents one of the best methods of allowing cyberbullying to take place.
These days, it is difficult to find a person in the UK without some form of
mobile device. For many, the simplicity of being able to communicate with
another individual has never been greater, thanks to the mobile phone. It is
for this reason that mobile devices can more easily act as a catalyst to such
an act as cyberbullying.

Cyberbullying in Private via Mobile

Another reason why cyberbullies prefer to use mobile to carry out their attacks is
because phones often come with a lack of parental interference. Considering
that the issue is most common within the teenage demographic, parents of younger
phone users tend to distance themselves from their child’s mobile
communications and online lives. Likewise, it is common for adolescents to find
a means of preventing their parents from accessing their messages. It is this
separation that can pave the way for cyberbullying to take place on a more
private scale. In many aspects, this is more significant than a public example
of online harassment, as the issue can steadily manifest itself and worsen with
time.

But it is important to remember that cyberbullying isn’t only exclusive to text
communications. Photos, videos and audio recordings that demonstrate offensive behavior
also contribute to the problem. In many situations offensive material of any
form is deleted soon after having been sent, especially on mobiles. This is often
the case for both the architect of such material and the victim themselves. As
a result, a record of the exchange becomes difficult for parents, teachers and
the Police to trace, as the evidence is no longer present on the front end.

Government pressure on cyberbullying should continue

However, this recent development enabling victims to unmask cyberbullies can ultimately be considered to be a significant step forward, when attempting to tackle online perpetrators. Consequently, it is a move by the Government that will be well received. But it is important to remember that the private side of cyberbullying will continue to take place, and the Government must maintain its interest in combating the matter in the long run.

Matt Williams has just completed his second year as a student at the University of
Derby, pursuing an undergraduate degree in Computer Forensics and Security. He
has a keen interest in up-and-coming mobile technologies, particularly in
reference to mobile security.

Saturday, 9 June 2012

Not mobile security, but possibly big emerging security news (more on why I think so below). The Sony PlayStation Network is currently down (as of 20:39 UK on the 9th of June).

Germany-Portugal 0-0 you say?

Just before 8pm, I noticed I was signed out of the PSN, so went to the "Sign In" menu. This immediately took me to a change password menu. It said that my password was "no longer valid". The dialog asked me to enter and then re-enter a password. Quite painful on a PS3 controller with complicated passwords, but it did slightly concern me that it hadn't asked me for my old password (I need to spend some more time thinking about this though, but my first thoughts were about whether I could get access to my credit card info etc. once I had done this). Anyway, I didn't even get that far as the system locked up on me. After a restart, I submitted the new password and it timed out, with "This service is currently undergoing maintenance".

The PSN website says that the service is "Partially available" but there is no statement at all about what is going on. Obviously it could just be a major hardware failure somewhere, but equally we could be seeing the effects of an emergency shutdown due to a security issue (like last time). And, it was about this time last year it all happened. Added to that the fact that there have been a lot of password related breaches this week (LinkedIn et al), could this be linked?

As I write this (now 20:51), I've just been able to sign in again. No password change screen or anything, so it is all a bit strange.

To be updated...

Update 14/06/12 - No word on what happened the other day from Sony by the looks of things, but this afternoon (c.14:30 ish) the PSN network is down again, with some tweets giving very similar symptoms to the ones I had above. Again, nothing from Sony as to what is going on...

Friday, 1 June 2012

I've dug up an old copy of Amstrad Action (issue no.85, October 1992) which has quite a funny letter from a reader in its technical forum section. You can see a scan of the letter below:

This is a really good example of the kind of paranoia users get into. It also probably reflects what was being touted around the media at the time. Earlier in 1992, the Michelangelo virus had caused a bit of a media storm after some hardware and software manufacturers accidentally shipped infected products.

I can't find any reference on the web to the German Amstrad CPC virus referred to, but I do remember seeing some CPCs in Dixons in Scarborough in about 1990 which had some kind of anarchistic screen displayed saying it had been hacked, which as a kid I found pretty cool. Someone had obviously sneaked in and loaded it up on the machines while the salesmen weren't looking.

Anyway, fast forward to today and we find this ludicrous - why were users jumping to conclusions about viruses on a machine like the CPC? Similar events are happening today - users seem to jump to extremes - either they ignore the possibility completely that they have clicked on something bad and are now part of a botnet or, at the other end of the scale (like the guy above), that because their computer is running slowly or broken, it must absolutely be a virus. This also extends to either the misplaced notion that Apple machines are immune to malware or that Android devices are riddled with maliciousness. Both incorrect views, but popular ones (and perpetuated by the media in many cases).

Users need independent trusted sources of honest advice and that isn't necessarily found in those who have a vested interest in selling a fix to them.